Can you imagine using a computer from the 1960s to run your business? Of course you can’t. But many U.S. merchants and banks still use payment cards with magnetic strip technology that’s more than 50 years old. On October 1, a liability shift goes into effect that may entice businesses to adopt modern “chip” technologies to more effectively combat fraud from counterfeit cards. Here’s critical information that merchants and consumers should know about the liability shift going forward.
Pros and Cons of EMV Compliance
The U.S. Small Business Administration (SBA) estimates that payment card fraud will cost U.S. businesses about $10 billion in 2015. Card issuers in Canada and several European, Asian and Latin American countries have already seen payment card fraud rates drop significantly after they switched from magnetic cards to chip cards, also known as EuroPay, MasterCard and Visa (EMV) cards.
How do chip cards help fight payment card fraud? Like old fashioned music cassette tapes, magnetic credit and debit cards store static information, making them easy targets for hackers. If a thief steals data from a magnetic credit card, he or she can copy the unchanging data onto a cloned card and use it to make purchases or withdraw cash.
Conversely, a chip card contains a tiny metallic square that’s actually a mini-computer. Chip cards generate a unique encrypted code for each transaction, so they’re more secure than magnetic cards when read by an EMV-compliant processing device.
To enhance security, major U.S. card companies have finally mandated a liability shift for certain payment card transactions, effective on October 1, 2015. The ultimate goal is to make the United States EMV-compliant and reduce payment card fraud rates — but that may be a long and confusing process. The SBA estimates that about 40% of U.S. payment cards will contain EMV chips by the end of 2015, up from 3% at the start of the year.
The downside of EMV compliance is cost. Chip cards are more expensive for banks to manufacture than magnetic strip cards. To ensure timely EMV compliance, banks must reissue thousands of chip cards, often before their expiration dates. Financial institutions also may need to upgrade their ATMs. In addition, merchants must upgrade to EMV-compliant equipment and processing systems to accept in-store card payments that are protected with EMV technology. These costs will be offset by a reduction in payment card fraud, however.
Myths and Misconceptions
There have been lots of rumors about EMV compliance in the business community. Just to clarify, merchants that haven’t upgraded their equipment and processing systems to the minimum EMV requirements won’t be arrested or shut down on October 1. There’s no federal law mandating that card issuers, merchants or consumers upgrade to EMV-compliant cards or equipment.
Instead, major U.S. card companies — including Visa, MasterCard, Discover and American Express — have voluntarily imposed a liability shift for counterfeit “card present” transactions that goes into effect for most merchants on October 1, 2015. Gas stations with automated fuel dispensers have until October 1, 2017, before their liability on counterfeit cards is shifted.
In the past, card issuers — including banks, credit unions and other financial institutions that issue debit or credit cards — generally accepted all liability for counterfeit payment card transactions. But on October 1, 2015, the liability for counterfeit in-store payment card transactions generally shifts to the party (either the issuer or merchant) that doesn’t support EMV.
In other words, if a merchant accepts an in-store payment with a chip card and processes the transaction using a magnetic-only card reader, the merchant will be responsible for replacing the funds from fraud losses, not the card issuer. Most new cards will be enabled with both chip and magnetic strip technology to facilitate the transition phase.
The liability shift doesn’t change the liability for online purchases, in-store transactions conducted using lost or stolen cards, or in-store transactions conducted using cards that only offer magnetic strips. Payment card issuers will continue to be liable for payment fraud that occurs with these types of transactions.
Payments on Mobile Devices
The liability shift is part of an ongoing effort to reduce payment card fraud. The next generation of payments is expected to be even faster and more secure than EMV cards. Instead of pulling a payment card out of their purse or wallet, consumers of the future will likely pay with contactless near field communication (NFC) mobile wallets. This technology simply requires a tap of the buyer’s smart phone or watch. As an added bonus, mobile payment devices may be protected with biometric data, such as thumbprints, to protect against lost or stolen cards.
Proactive merchants may decide to upgrade their equipment and internal processing systems to allow all three types of payments: magnetic strip cards, chip cards and mobile NFC devices. Doing so is likely to minimize the long-term cost and hassle of upgrading card readers, as well as providing optimal flexibility and fraud protection when processing transactions for years to come.
© 2015 Thomson Reuters